A web-application architecture for Secure Cloud Computing
- Cory Dickerson
1 A web-application architecture for Secure Cloud Computing
2 In the beginning...
[Diagram. Labels: Your data-center; Your mainframe or mini-computer; Your network; Your Operations staff; Your single-tiered, monolithic applications; App, DB, CCN, PIN, KM, OS, Hardware; Internal Network; Internal Operations; Company Perimeter]
3 The PC-LAN
[Diagram. Labels: Your data-center; Your PC server; Your PC client; Your network; Your firewall; Your Operations staff; Your two-tiered, client-server applications; DB, KM, OS, Hardware; App, CCN, PIN, OS, Hardware; Internal Network; Internal Operations; Company Perimeter]
4 The WWW
[Diagram. Labels: Your data-center; Your PC servers; Your network; Your firewall; Your Operations staff; Your three-tiered, web applications; DB, KM, AppSrv, CCN, PIN, OS, Hardware; Browser, OS, Hardware; Internal Network; Internal Operations; Company Perimeter]
5 The Public Cloud
[Diagram. Labels: Cloud Service Provider's (CSP) data-center; CSP's hardware; CSP's Hypervisor; CSP's Network; CSP's Operations staff; Unknown guests in VMs; Your applications and data?; App, CCN, PIN, DB, KM, OS, "????", Hypervisor, Hardware; CSP Network; CSP Operations; CSP Perimeter]
6 EKM in the Public Cloud?
[Diagram. Labels: LAN; HSM; Internal Network; Internal Operations; Company Perimeter; App, DB, OS, CCN, PIN, "????", Hypervisor, Hardware; CSP Network; CSP Operations; CSP Perimeter]
7 EKM with SaaS?
[Diagram. Labels: SaaS Application Users; Web Application; EKMI; VPN; API; "?????"; OS, Hardware; Internal Operations; Company Perimeter; SaaS Network; SaaS Operations; SaaS Perimeter]
8 What's missing?
- Methodology to use the Cloud without being vulnerable
- Controls to ensure that neither CSP nor attacker can compromise your data
9 The Paradigm Shift
- Regulatory Compliant Cloud Computing (RC3)
- Architecture to secure data in the Cloud with proof of compliance.
10 RC3 Characteristics
1) Data-classification
2) Separate processing zones
3) Encryption Key Management Infrastructure
11 RC3 Data Classification
- Class-1: Sensitive and regulated data (SSN, CCN, ACH, Medical, etc.)
- Class-2: Sensitive but unregulated data (Application Credentials, Salaries, Sales figures, etc.)
- Class-3: Non-sensitive data
12 Data Before RC3
Bank Account
- AID:
- Firstname: Jane
- Lastname: Smith
- SSN:
- BranchID: 123
- AccountType: 1
- DateOpened: 02/02/2012
- Balance:
Legend: Class-2 data, Class-1 data
13 Data After RC3
Bank Account
- AID:
- Firstname:
- Lastname:
- SSN:
- BranchID: 123
- AccountType: 1
- DateOpened: 02/02/2012
- Balance:
Legend: Class-3 data
14 Data Before RC3
Patient
- PID:
- SSN:
- Firstname: John
- Lastname: Smith
- Gender: M
- DateOfBirth: 03/03/1953
- BloodType: O+
- ...
Legend: Class-2 data, Class-1 data
Blood Report
- PID:
- ReportDate: 04/04/2012
- RBC: 5.1
- WBC:
Legend: Class-2 data, Class-1 data
15 Data After RC3
Patient
- PID:
- SSN:
- Firstname:
- Lastname:
- Gender: M
- DateOfBirth: 03/03/1953
- BloodType: O+
- ...
Blood Report
- PID:
- ReportDate: 04/04/2012
- RBC: 5.1
- WBC:
Legend: Class-3 data
16 RC3 Zones
Regulated Zone (Secure Zone)
- Class-1 and Class-2 data-processing & storage
- Enterprise Key Management Infrastructure (EKMI)
Cloud Zone (Public Zone)
- Class-3 data-processing & storage
- Can, optionally, store C1/C2 tokens (C3-equivalent)
- NO CRYPTOGRAPHY
- NO IDENTITY MANAGEMENT SYSTEM
- NO INBOUND CONNECTION TO REGULATED ZONE
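
An added example (not from the original slides) of the split described in slides 11 to 16: the Regulated Zone replaces Class-1 and Class-2 fields of the Bank Account record with random tokens, and the Cloud Zone runs a format check only, with no keys or cryptography. The field-to-class mapping, the `tok_` token format, the `Notes` field and all class and function names are assumptions made for illustration.

```python
import re
import secrets

# Assumed classification of the Bank Account fields. The slides name SSN as a
# Class-1 example; the other assignments are assumptions for this sketch.
CLASSIFICATION = {
    "AID": 3, "BranchID": 3, "AccountType": 3, "DateOpened": 3,
    "Firstname": 2, "Lastname": 2, "Balance": 2,
    "SSN": 1,
}
TOKEN_RE = re.compile(r"^tok_[0-9a-f]{32}$")  # assumed token format


def classify(field):
    """Unknown fields fail closed: they are treated as Class-1."""
    return CLASSIFICATION.get(field, 1)


class RegulatedZone:
    """Holds the only token-to-value mapping. In RC3 this store sits beside
    the EKMI and would be encrypted; that part is outside this sketch."""

    def __init__(self):
        self._vault = {}      # token -> (field, value)
        self._by_value = {}   # (field, value) -> token, so repeats reuse it

    def tokenize(self, field, value):
        key = (field, str(value))
        if key not in self._by_value:
            # Random token: nothing about the value can be derived from it,
            # and the Cloud Zone needs no key to store or compare it.
            token = "tok_" + secrets.token_hex(16)
            self._by_value[key] = token
            self._vault[token] = key
        return self._by_value[key]

    def detokenize(self, token):
        _field, value = self._vault[token]  # KeyError for an unknown token
        return value

    def to_cloud_record(self, record):
        """Return the Class-3-equivalent copy that may leave the zone."""
        return {
            field: value if classify(field) == 3 else self.tokenize(field, value)
            for field, value in record.items()
        }


def cloud_zone_violations(record):
    """Check run before a record is stored in the Cloud Zone: every field
    that is not Class-3 must hold a token, never a raw value."""
    return sorted(
        field for field, value in record.items()
        if classify(field) != 3 and not TOKEN_RE.match(str(value))
    )


# Constructed sample record: the AID, SSN, Balance and Notes values are made up.
BEFORE = {
    "AID": "A-1001", "Firstname": "Jane", "Lastname": "Smith",
    "SSN": "000-00-0000", "BranchID": 123, "AccountType": 1,
    "DateOpened": "02/02/2012", "Balance": "1000.00",
    "Notes": "called about card",  # unclassified field, tokenized by default
}

if __name__ == "__main__":
    zone = RegulatedZone()
    after = zone.to_cloud_record(BEFORE)
    for field, value in after.items():
        print(f"{field:12} {value}")
    print("raw record rejected for:", cloud_zone_violations(BEFORE))
    print("tokenized record violations:", cloud_zone_violations(after))
```

Only `RegulatedZone` can map a token back to its value, so a copy of the Cloud Zone record on its own exposes the Class-3 fields and nothing else.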
17 WEB-APPLICATION MODEL
18 Basic web application
[Diagram. Labels: Web-site; Web Application Server; Company Perimeter; step 1: Customer Details, Product Details, Shipping Details, Payment Details; step 2: Transaction Confirmation]
19 With Redirection
[Diagram. Labels: Web Application Server; Company Perimeter; Payment Processor; Payment Processor Perimeter; steps 1 to 4; Customer Details, Product Details, Shipping Details; Payment Details; Payment Confirmation; Transaction Confirmation]
20 SECURE CLOUD COMPUTING FOR E-COMMERCE RC3 MODEL
21 E-COMMERCE - 1
[Diagram. Labels: Cloud Zone; WebApp; Regulated Zone; Web Application; IAM; Company Perimeter or MSP; step 1: Authentication Credentials]
22 E-COMMERCE - 2
[Diagram. Labels: Cloud Zone; WebApp; Regulated Zone; Web Application; Company Perimeter or MSP; step 2: Session Token]
23 E-COMMERCE - 3
[Diagram. Labels: Cloud Zone; WebApp; Address, Order Detail; Regulated Zone; Web Application; Company Perimeter or MSP; step 3: Session Token, Address, Order Detail]
24 E-COMMERCE - 4
[Diagram. Labels: Cloud Zone; WebApp; Address, Order Detail; Regulated Zone; Web Application; Company Perimeter or MSP; step 4: Session Token, Name, Credit Card Number, Card Expiry Date, Card Verification Value, Amount, Phone address]
25 E-COMMERCE - 5
[Diagram. Labels: Cloud Zone; WebApp; Address, Order Detail; Regulated Zone; Web Application; CCN, Name; Company Perimeter or MSP; step 5: CCN]
26 E-COMMERCE - 6
[Diagram. Labels: Cloud Zone; WebApp; Address, Order Detail; Regulated Zone; Web Application; CCN, Name; Company Perimeter or MSP; step 6: Token]
27 E-COMMERCE - 7
[Diagram. Labels: Cloud Zone; WebApp; Address, Order Detail, Token; Regulated Zone; Web Application; CCN, Name; Company Perimeter or MSP; step 7: Token]
28 FULL TRANSACTION
[Diagram. Labels: Cloud Zone; WebApp; Address, Order Detail, Token; Regulated Zone; Web Application; CCN, Name, Token; Company Perimeter or MSP; step 3: Session Token, Address, Order Detail; step 4: Session Token, Name, Credit Card Number, Card Expiry Date, Card Verification Value, Amount, Phone address; step 5: CCN; step 6: Token; step 7: Token]
29 HOW DO YOU TRANSITION TO RC3?
30 RC3 in the Enterprise
[Diagram. The full-transaction diagram of slide 28, steps 3 to 7, with these labels: Public Zone; Web Application; Address, Order Detail, Token; Regulated Zone; Web Application; CCN, Name, Token; Company Perimeter or MSP]
31 RC3 in Private Clouds
[Diagram. The full-transaction diagram of slide 28, steps 3 to 7, with these labels: Cloud Zone; openstack; WebApp; Address, Order Detail, Token; Regulated Zone; Web Application; CCN, Name, Token; Company Perimeter or MSP]
32 RC3 in Public Clouds
[Diagram. The full-transaction diagram of slide 28, steps 3 to 7, with these labels: Cloud Zone; WebApp; Address, Order Detail, Token; Regulated Zone; Web Application; CCN, Name, Token; Company Perimeter or MSP]
33 RC3 rules for the Cloud
- Do NOT store/use cryptographic keys in the Cloud
- Do NOT store/use plaintext sensitive data in the Cloud
- Do NOT store credentials to anything in the Cloud
- Do NOT use CSP-supplied cryptographic keys
- DO change your Server SSL keys very frequently
- DO consider digitally signing/verifying Cloud data in the Regulated Zone
- Assume the worst (that your applications and data are operating on the open internet) and design for it
34 RC3 Case Study
- e-commerce company in US (ticket marketplace)
- Private Cloud
- Millions of documents
- Sizes ranging from a few kilobytes to megabytes
- Needed automatic ramp-up/ramp-down capability
35 Resources
- Regulatory Compliant Cloud Computing (RC3)
- Cryptographic engine (enables RC3 applications)
- CryptoCabinet (RC3 sample application)
36 Questions? Contact Information Arshad Noor +1 (408)